There are no small targets anymore – hacker attacks on SMEs

Two points of attack on company networks can be identified internationally: employees who are too careless with data, and company managers who do not carry out essential software updates.

Studies show that SMEs often have a false sense of security when it comes to the use of their IT: ‘What we do isn’t really interesting to hackers.’ This statement is a dangerous error in judgement for several reasons. No one should feel entirely safe just because the spectacular and well-known hacker attacks either affected major companies like Yahoo or took place in more than 150 countries simultaneously, for instance through the WannaCry malware.

Small companies awaken major greed

There are many reasons for this: SMEs hold bank, credit card and personal details that are very appealing to thieves and fraudsters. SMEs are service providers and suppliers for many major companies. Data that a hacker acquires ‘small-scale’ can be misused as a free ticket into these major companies. SMEs in competition with each other often use the same providers. An attack on said providers can reveal data that should not under any circumstances fall into the wrong hands or the wrong company.

Hardly any SMEs have the necessary security department or even the staff to promptly uncover and protect against attacks by hackers. The software required to record, track and evaluate these attacks is also rarely in place. Criminals know this. The danger of being discovered, prosecuted and punished is therefore lower for them, which increases the appeal of criminality in this area.

There is barely an SME out there that gets by without computer-supported data. Malware programs such as ransomware, which infects and blocks a computer and then demands money to unblock it, are widespread and more dangerous than many assume.

However, most dangers can be easily tackled. If all users had applied updates to their operating system in a timely manner, the WannaCry malware would never have been so effective. Downloading software from unknown sources without due consideration or opening emails from questionable senders are also sources of incalculable potential danger.

A little goes a long way

In view of the advances in digitalisation in all areas, it is essential for SMEs in particular to actively use digital opportunities for their business models and strengthen their ability to defend themselves against dangers on the Internet. The necessary measures can be easily implemented, mostly at low costs. However, it is important to never let up in security efforts and under no circumstances should they only be implemented sporadically.

Here are ten simple rules that are also simple to follow. They will provide effective protection if they are genuinely adhered to by everyone in the company.

Ten simple protective measures against attacks by hackers

1. Make sure you and your employees are always aware that you and your company are a worthwhile target for attacks by outsiders.

2. Offer your employees security training. Tools and white papers for this purpose are available online.

3. Only give each employee the access credentials they need in order to do their job. Do not give company passwords to family members.

4. Create back-ups continuously. In the worst-case scenario, only yesterday’s data will be lost.

5. Encrypt sensitive data. This option is already included in many Windows formats. You can also find suitable training on email security, social media guidelines and general measures online.

7. Set rules for the standards that employees’ passwords need to adhere to. These should include numbers, special characters and both upper- and lower-case letters.

8. Develop clear guidelines for your company’s social media activity and check that they are adhered to. In this way, you can avoid sensitive data reaching the public, for example.

9. Use security software and insist that your employees do so, too. PCs, laptops, tablets and smartphones must always have the latest version.

10. Separate Internet access for employees and guests of your company who are using a private computer or smartphone. Many routers allow the required network for this to be set up.

Dangers lurking in the futurel

As the risk and complexity of cybersecurity are increasing, greater resources are required to react to them. Differences in security are developing between nations, individual and companies. The biggest risk in this context is the emerging difference in security within and between societies. Companies in developing countries, for example, often lack the ability and resources to protect their data. While an organisation may have access to suitable abilities and resources, their partners and suppliers may not, which creates weak spots.